90 matches found
Release Information for Proxmox Virtual Environment Plug-In v12.1.3.217
Update: 2025-03-19 Consider the following regarding the Proxmox Virtual Environment Plug-In: The Plug-in build on this page, 12.1.3.217, is included automatically when upgrading to or installing Veeam Backup & Replication 12.3.1. The Plug-in only needs to be manually deployed by customers still...
RaspberryMatic 3.73.9.20240130 Remote Code Execution Exploit
RaspberryMatic / OCCU contains a unauthenticated remote code execution vulnerability, caused by multiple issues within the Java based HMIPServer.jar component. The webui allows for Firmware uploads which can be reached through the URL /pages/jpages/system/DeviceFirmware/addFirmware. This allows a...
CVE-2020-10882
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tdpServer service, which listens on...
CVE-2024-10082
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...
CVE-2024-43648 Authenticated command injection via <redacted>.exe <redacted> parameter
Command injection in the parameter of a .exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate – This action is not a common place for command injection vulnerabilities to occur. Thus, an...
CVE-2024-43648
CVE-2024-43648 affects Iocharger firmware for AC models before version 24120701. The issue is a command injection in the parameter of a .exe request, which results in remote code execution as the root user. This grants full control over the charging station, enabling arbitrary file/service addit...
ABB AC500 安全漏洞
ABB AC500 is a programmable logic controller PLC from ABB Switzerland. A security vulnerability exists in ABB AC500 V3 prior to version 3.8.0, which stems from a directory traversal vulnerability that could allow an authenticated attacker to inject arbitrary commands into a specially crafted file...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-49924)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49924 advisory. - In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after fre...
The vulnerability of the backup function of the Cisco Secure Firewall Management Center (formerly Cisco Firepower Management Center) allows a perpetrator to execute arbitrary commands on the basic operating system.
The vulnerability of the cluster backup function of the Cisco Secure Firewall Management Center formerly known as Cisco Firepower Management Center exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to...
CVE-2024-24621 Softaculous Webuzo Authentication Bypass
Softaculous Webuzo contains an authentication bypass vulnerability through the password reset functionality. Remote, anonymous attackers can exploit this vulnerability to gain full server access as the root user...
CVE-2024-2859 By default, SANnav OVA is shipped with root user login enabled (CVE-2024-2859)
By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account...
CVE-2024-30247
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with...
PT-2024-23294 · Unknown · Nextcloudpi
Name of the Vulnerable Software and Affected Versions: NextcloudPi versions prior to 1.53.1 Description: A command injection issue in NextcloudPi allows command execution as the root user via the NextcloudPi web-panel. This can be exploited by anyone with access to the web-panel, as no...
PT-2024-20359 · Totolink · Totolink A8000Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A8000RU version 7.1cu.643 B20200521 Description: The issue is related to a hardcoded password for the root user stored in the /etc/shadow file. This could potentially allow unauthorized access to the system. Recommendations: For...
CVE-2023-48245
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...
insights-client: unsafe handling of temporary files and directories
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local...
CVE-2023-20007
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly,...
Command injection
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions 2.15.1, RUGGEDCOM ROX MX5000RE All versions 2.15.1, RUGGEDCOM ROX RX1400 All versions 2.15.1, RUGGEDCOM ROX RX1500 All versions 2.15.1, RUGGEDCOM ROX RX1501 All versions 2.15.1, RUGGEDCOM ROX RX1510 All versions 2.15.1,...
CVE-2022-32268
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can injec...
Exploit for Reliance on Cookies without Validation and Integrity Checking in Fantec Mwid25-Ds_Firmware
PoC exploit for CVE-2022-28113, an unauthenticated remote code e...